Basic ASA config

Basic config for ASA

no service call-home
clear config call-home
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
 domain-name *
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
logging enable
logging timestamp
logging buffer-size 8000
logging buffered debugging
crypto key generate rsa modulus 1024 noconfirm
aaa authentication ssh console LOCAL 
aaa authentication serial console LOCAL 
aaa authentication http console LOCAL 
aaa authentication telnet console LOCAL 
aaa authentication enable console LOCAL

object-group service General_Internet_Browsing
  description Protocols allowed out to the internet
  service-object icmp echo
  service-object icmp echo-reply
  service-object icmp traceroute
  service-object tcp-udp eq echo
  service-object tcp eq ftp
  service-object tcp eq ftp-data
  service-object tcp eq http
  service-object tcp eq https
  service-object udp eq domain

object-group network DMZ_Servers_10.0.0.0-24
  network-object host
  network-object host
  network-object host
  network-object host

access-list dmz_example_acl extended permit object-group General_Internet_Browsing object-group DMZ_Servers_10.0.0.0-24 any 

Leave a Reply